CVE-2024-6477

Severity: 7.5 HIGH

📋 TL;DR

The UsersWP WordPress plugin before version 1.2.12 generates predictable filenames for admin export files, allowing unauthenticated attackers to download these files and access sensitive user information including IP addresses, usernames, and email addresses. This affects all WordPress sites running vulnerable versions of the UsersWP plugin.

💻 Affected Systems

Products:
  • UsersWP WordPress Plugin
Versions: All versions before 1.2.12
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires plugin to be installed and active; vulnerability exists when admin exports user data.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers download all exported user data containing PII, leading to data breaches, credential harvesting, and potential follow-on attacks using stolen information.

🟠 Likely Case

Unauthenticated attackers access exported user lists containing email addresses and usernames, enabling targeted phishing campaigns and reconnaissance.

🟢 If Mitigated

No data exposure occurs due to proper access controls, file permissions, or timely patching.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires guessing predictable filenames; automated tools can easily brute-force common patterns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.12

Vendor Advisory: https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the UsersWP plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.2.12+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Delete existing export files

Platform: linux

Manually locate and delete any existing export files generated by the plugin to remove the exposed data. List the candidates first and review them: a bare "*export*" match across the whole install would also catch plugin source files, so the command below is limited to the uploads directory and only prints matches.

find /path/to/wordpress/wp-content/uploads -name "*export*" -type f -print

Once the list contains only the plugin's export files, re-run it with -delete in place of -print.

Restrict access to uploads directory

Platform: all

Add a .htaccess rule in wp-content/uploads that blocks direct access to export files only, so images and other uploads keep working (a bare "Deny from all" in that directory would break them). The pattern below matches the *export*.csv filenames named in the detection section; widen it if your exports use another extension.

Add to wp-content/uploads/.htaccess:

<FilesMatch "export.*\.csv$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

On Apache 2.4 without mod_access_compat, replace the two Order/Deny lines with "Require all denied". Nginx does not read .htaccess; use an equivalent location rule there.

🧯 If You Can't Patch

  • Disable the UsersWP plugin immediately until patching is possible.
  • Implement web application firewall rules to block requests to predictable export file patterns.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for the UsersWP version. If it is below 1.2.12, the site is vulnerable.

Check Version:

wp plugin list --name=userswp --field=version

Verify Fix Applied:

Confirm UsersWP plugin version is 1.2.12 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to requests for predictable filenames like *export*.csv in the uploads directory
  • Unusual download patterns from the /wp-content/uploads/ directory

Network Indicators:

  • GET requests to /wp-content/uploads/*export* from clients with no authenticated WordPress session

SIEM Query:

source="web_logs" AND uri_path="/wp-content/uploads/*export*" AND response_code=200

(The export filename is part of the request path, not the query string, so match the wildcard on uri_path.)
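The same detection logic as a small Python script over access-log lines, added here as an example that is not part of this advisory or the plugin's own code; the log lines and the export filenames in them are constructed for illustration and are assumptions, not the plugin's real naming scheme.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format: client, identity, user, [timestamp],
# "METHOD path?query protocol", status, size, then referrer and user agent (ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)(?:\?[^ "]*)? [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Export-like file under wp-content/uploads: name contains "export" (any extension),
# matching the path-based indicator above rather than the query string.
EXPORT_PATH_RE = re.compile(r'^/wp-content/uploads/.*export[^/]*$', re.IGNORECASE)

def parse_line(line):
    """Fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_export_downloads(lines):
    """Successful (200) GETs of export-like files: (client_ip, path, status) per hit."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and rec["status"] == "200" and EXPORT_PATH_RE.match(rec["path"]):
            hits.append((rec["ip"], rec["path"], int(rec["status"])))
    return hits

def guessing_clients(lines, threshold=3):
    """Clients with `threshold` or more 404s on export-like paths: filename guessing in progress."""
    misses = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and rec["status"] == "404" and EXPORT_PATH_RE.match(rec["path"]):
            misses[rec["ip"]] += 1
    return {ip: n for ip, n in misses.items() if n >= threshold}

# Constructed sample log (documentation IPs, made-up filenames); not from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2024:08:01:02 +0000] "GET /wp-content/uploads/2024/07/user-export-1.csv HTTP/1.1" 404 312 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jul/2024:08:01:03 +0000] "GET /wp-content/uploads/2024/07/user-export-2.csv HTTP/1.1" 404 312 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jul/2024:08:01:04 +0000] "GET /wp-content/uploads/2024/07/user-export-3.csv HTTP/1.1" 404 312 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jul/2024:08:01:05 +0000] "GET /wp-content/uploads/2024/07/user-export-4.csv HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jul/2024:08:02:00 +0000] "GET /wp-content/uploads/2024/07/logo.png HTTP/1.1" 200 9100 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jul/2024:08:02:01 +0000] "GET /wp-admin/export.php HTTP/1.1" 200 9100 "-" "Mozilla/5.0"',
]
```

Running `find_export_downloads(SAMPLE_LOG)` reports the single successful download, while `guessing_clients(SAMPLE_LOG)` surfaces the client that produced the run of 404s before it; WordPress core's own /wp-admin/export.php is correctly ignored because it is not under uploads.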
